CRITICAL🇬🇧 English

CVE-2022-26945

CVSS 9.8v3.1pub. 2022-05-25upd. 2024-11-21

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hashicorp Go Getter

    APP
    Hashicorp
    2.0.2≤ 1.5.11
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-3817CRITICAL9.8PL ✓ten sam produkt

HashiCorp go-getter: argument injection przy odkrywaniu zdalnych gałęzi Git

CVE-2025-8959HIGH7.5ten sam produkt

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauth...

CVE-2024-6257HIGH8.4ten sam produkt

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git...

CVE-2022-30321HIGH8.6ten sam produkt

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processin...

CVE-2022-30322HIGH8.6ten sam produkt

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTT...

CVE-2022-26945 — CRITICAL 9.8 | CVEbaza.pl